nach oben

Journal of Computer Virology and Hacking Techniques

Erschienen in:

14.05.2016 | Original Paper

Identification of malicious android app using manifest and opcode features

verfasst von: M. V. Varsha, P. Vinod, K. A. Dhanya

Erschienen in: Journal of Computer Virology and Hacking Techniques | Ausgabe 2/2017

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In this paper, we propose a statistical approach for smartphone malware detection. A set of features such as hardware, permission, application components, filtered intents, opcodes and strings are extracted from the samples to form a vector space model. Feature selection methods such as Entropy based Category Coverage Difference (ECCD) and Weighted Mutual Information (WI) are used to choose the prominent features. The performance of the system is analyzed using classifiers, Random Forest, Rotation Forest and Support Vector Machine (SVM). The system was evaluated on individual models as well as Meta feature space model for both malware and benign features. It was observed that the meta feature space model with malware features provide the best results for both feature selection. For ECCD, Random Forest classifier performs better [Dataset 1—0.972, Dataset 2—0.976 and Dataset 3—0.969] whereas in the case of WI, SVM gives highest F-measure [Dataset 1—0.993, Dataset 2—0.994 and Dataset 3—0.992]. From the overall analysis on the system, we conclude that the malware model outperforms it’s benign counterpart and also that WI is a better feature selection technique compared to ECCD.

Vorheriger Artikel Chronicle of a Java Card death

Nächster Artikel Erratum to: Evolution and characterization of point-of-sale RAM scraping malware

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

Androguard. http://code.google.com/p/androguard/. Accessed 7 Dec 2014

Android Malware Genome Project. http://www.malware-genomeproject. Accessed 5 May 2014

Apk File Format. http://www.file-extensions.org/article/android-apk-file-format-description. Accessed 7 Dec 2014

Drebin Dataset. http://user.cs.uni-goettingen.de/~darp/drebin/. Accessed 2 Jan 2015

Gartner. http://www.gartner.com/newsroom/id/3010017. Accessed 8 Jan 2015

Google Play store. https://play.google.com/store?hl=en. Accessed 5 May 2014

Smali/Baksmali. http://code.google.com/p/smali/. Accessed 5 May 2014

WEKA-Open Source Machine Learning Software. http://www.cs.waikato.ac.nz/ml/weka. Accessed 8 Jan 2015

Aafer, Y., Du, W., Yin, H.: DroidAPIMiner: mining API-level features for robust malware detection in Android. In: Security and Privacy in Communication Networks, pp. 86–103. Springer, Berlin (2013)

10.

Arp, D., Spreitzenbarth, M., Hübner, M., Gascon, H., Rieck, K.: Drebin: effective and explainable detection of Android malware in your pocket. In: Proceedings of the Annual Symposium on Network and Distributed System Security (NDSS) (2014)

11.

Aung, Z., Zaw, W.: Permission-based Android malware detection. Int. J. Sci. Technol. Res. 2(3), 228–234 (2013)

12.

Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001)CrossRefMATH

13.

Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior-based malware detection system for Android. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 15–26, ACM (2011)

14.

Canfora, G., De Lorenzo, A., Medvet, E., Mercaldo, F., Visaggio, C.A.: Effectiveness of opcode ngrams for detection of multi family Android malware. In: 2015 10th International Conference on Availability, Reliability and Security (ARES), pp. 333–340. IEEE (2015)

15.

Chakradeo, S., Reaves, B., Traynor, P., Enck, W.: MAST: Triage for market-scale mobile malware analysis. In: Proceedings of the Sixth ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 13–24. ACM (2013)

16.

Chang, C.C., Lin, C. J.: LIBSVM: a library for support vector machines. ACM Trans. Intell. Syst. Technol. 2(3), 1–27 (2011)

17.

Enck, W., Ongtang, M., McDaniel, P.D.: On lightweight mobile phone application certification. In: ACM Conference on Computer and Communications Security, pp. 235–245. ACM (2009)

18.

Feizollah, A., Anuar, N.B., Salleh, R., Wahab, A.: A review on feature selection in mobile malware detection. Digital Investig. 13, 22–37 (2015)CrossRef

19.

Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of ACM Conference on Computer and Communications Security (CCS), pp. 627–638 (2011)

20.

Felt, A.P., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild. In: Proceedings of ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), pp. 3–14 (2011)

21.

Feng, Y., Anand, S., Dillig, I., Aiken, A.: Apposcopy: semantics-based detection of Android malware through static analysis. In: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 576–587 (2014)

22.

Kang, B., Kang, B.J., Kim, J., Im, E.G.: Android malware classification method: Dalvik bytecode frequency analysis. In: Proceedings of the 2013 research in adaptive and convergent systems, pp. 349–350. ACM (2013)

23.

Kang, H., Jang, J.-W., Mohaisen, A., Kim, H.K.: Detecting and classifying Android malware using static analysis along with creator information. Int. J. Distrib. Sens. Netw. (2015). doi:10.1155/2015/479174

24.

Kim, D., Kwak, J., Ryou, J.: DWroidDump: executable code extraction from Android applications for malware analysis. Int. J. Distrib. Sens. Netw. (2014). doi:10.1155/2015/379682

25.

Largeron, C., Moulin, C., Géry, M.: Entropy based feature selection for text categorization. In: Proceedings of the 2011 ACM Symposium on Applied Computing, pp. 924–928. ACM (2011)

26.

Peng, H., Gates, C.S., Sarma, B.P., Li, N., Qi, Y., Potharaju, R., Nita-Rotaru, C., Molloy, I. : Using probabilistic generative models for ranking risks of Android apps. In: ACM Conference on Computer and Communications Security, pp. 241–252. ACM (2012)

27.

Rastogi, V., Chen, Y., Jiang, X.: DroidChameleon: evaluating Android anti-malware against transformation attacks. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, pp. 329–334. ACM (2013)

28.

Rodriguez, J.J., Kuncheva, L.I., Alonso, C.J.: Rotation forest: a new classifier ensemble method. IEEE Trans. Pattern Anal. Mach. Intell. 28(10), 1619–1630 (2006)CrossRef

29.

Sarma, B.P., Li, N., Gates, C.S., Potharaju, R., Nita-Rotaru, C., Molloy, I.: Android permissions: a perspective combining risks and benefits. In: Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, pp. 13–22. ACM (2012)

30.

Schaffernicht, E., Gross, H.-M.: Weighted mutual information for feature selection. In: Artificial Neural Networks and Machine Learning-ICANN, pp. 181–188. Springer, Berlin (2011)

31.

Shabtai, A., Kanonov, U., Elovici, Y., Glezer, C., Weiss, Y.: Andromaly: a behavioral malware detection framework for Android devices. J. Intell. Inf. Syst. 38(1), 161–190 (2012)CrossRef

32.

Spreitzenbarth, M., Freiling, F. C., Echtler, F., Schreck, T., Hoffmann, J.: Mobile-sandbox: having a deeper look into Android applications. In: Proceedings of the 28th Annual ACM Symposium on Applied Computing, pp. 1808–1815. ACM (2013)

33.

Varsha, M.V., Vinod, P., Dhanya, K.A.: Heterogeneous feature space for Android malware detection. In: Proceedings of 8th IEEE International Conference on Contemporary Computing (IC3-2015), Jaypee Institute of Information Technology, Noida (2015)

34.

Wang, W., Wang, X., Feng, D., Liu, J., Han, Z., Zhang, X.: Exploring permission-induced risk in Android applications for malicious application detection. IEEE Trans. Inf. Forensics Secur. 9(11), 1869–1882 (2014)CrossRef

35.

Wu, D.-J., Mao, C. -H., Wei, T. -E., Lee, H. -M., Wu, K. -P.: DroidMat: Android malware detection through manifest and API calls tracing. In: Proceedings of Asia Joint Conference on Information Security (Asia JCIS), pp. 62–69 (2012)

36.

Zhou, Y., Jiang, X.: Dissecting Android malware: characterization and evolution. In: IEEE Symposium on Security and Privacy, pp. 95–109. IEEE Computer Society (2012)

37.

Zhang, M., Duan, Y., Yin, H., Zhao, Z.: Semantics-aware Android malware classification using weighted contextual API dependency graphs. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS ’14), pp. 1105–1116 (2014)

38.

Chinese market. http://shouji.baidu.com/s?wd=shareit&data_type=app&f=header_app. Accessed 5 May 2014

39.

Android App. Store. http://www.9apps.com/. Accessed 5 May 2014

40.

http://contagiodump.blogspot.in/. Accessed 15 Jan 2015

41.

Alternate App stores. http://www.ubergizmo.com/articles/google-play-store-alternatives/. Accessed 5 May 2014

Titel: Identification of malicious android app using manifest and opcode features
verfasst von: M. V. Varsha
P. Vinod
K. A. Dhanya
Publikationsdatum: 14.05.2016
Verlag: Springer Paris
Erschienen in: Journal of Computer Virology and Hacking Techniques / Ausgabe 2/2017
Elektronische ISSN: 2263-8733
DOI: https://doi.org/10.1007/s11416-016-0277-z

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 2/2017

Erratum to: Evolution and characterization of point-of-sale RAM scraping malware

Chronicle of a Java Card death

Structural analysis of binary executable headers for malware detection optimization

Clustering for malware classification